Privileged account security

The Department of Health is seeking software to help it manage privileged user accounts as it strives to comply with one of the mandatory security requirements for Commonwealth entities. The department has issued a request for tender for privileged access management (PAM) software which it said will help its “move towards compliance with the Essential Eight Security Controls”. “Ultimately, the solution will increase the risk posture for the department and safeguarding its people and information from potential threats related to privileged accounts,” the department said. The ‘Essential Eight’ is a list of high priority security mitigation strategies drawn up by the Australian Signals Directorate. The ASD published the Essential Eight in 2017, building on the agency’s mandatory Top 4 mitigation strategies. Restricting administrative privileges based on user duties is part of the original Top 4 list — implementation of which … [Read more...] about More like su-don’t: Health Department seeks to clamp down on privileged accounts

NEW YORK--(BUSINESS WIRE)--May 16, 2018--CA Technologies (NASDAQ:CA) today announced that CA Privileged Access Manager (PAM) has been approved as a Cybersecurity Tool (CST) and added to the U.S. Department of Defense Information Network (DoDIN) Approved Product List (APL). CA PAM is the only privileged access management solution to simultaneously hold the Federal Information Processing Standard Publication 140-2 (FIPS PUB 140-2) verification for its cryptographic module, while also being listed on the DoDIN APL and the National Information Assurance Partnership’s Product Compliant List (NIAP PCL). The DoDIN APL is administered by the Defense Information Systems Agency (DISA) and includes only the products approved for use with DoD agencies’ technology infrastructure. This designation identifies products that have undergone a rigorous testing process conducted by the DoD that assures that mandated levels of cybersecurity and interoperability capabilities are met. In … [Read more...] about CA Privileged Access Manager Receives U.S. Department of Defense Certification

The road to autonomous vehicles depends upon components that are secured against hacking and other outside interference. The cybersecurity precautions necessary for self-driving cars must be embedded in chips and systems from the beginning of the supply chain. Automotive manufacturers and their Tier 1 suppliers are counting on their electronics vendors to provide products that can withstand the known exploits of cyberattacks. Those elements of the connected car also must have the capability to receive over-the-air software updates to defend against the latest in bots and malware. But cybersecurity in 2018 has become a cat-and-mouse game between cybercriminals and security professionals, who wage battle with cyberattacks on a daily basis. “The car that is coming essentially will be its own network that’s exposed to the rest of the world,” says Robert Bates, chief safety officer for automotive at Mentor, a Siemens Business. “It’s going to have the same sets … [Read more...] about Built-In Security For Auto Chips

Today, in the digital age, businesses are facing new threats. These threats take the form of cyber attacks and must be considered a priority for SMEs. Large-scale corporations likely have provisions in place, should they face any cyber threats. Unfortunately, however, many small enterprises believe they are too small to face cyber attacks, leaving them extremely vulnerable. Recent government reports demonstrated that one in five SMEs who suffered a cyber attack lost a day in revenue to recover. In 2017, the NHS suffered one of the largest cyber attacks, demonstrating the need to prioritise online security more as we continue to rely on computers for storing vital information. The government has estimated that over half of all UK companies have faced a form of cyber attack, which can result in financial losses and, in severe cases, insolvency procedures. With that in mind, Business Rescue Expert, leading insolvency practitioners in the UK, are sharing a guide on the cyber … [Read more...] about Cyber security threats and provisions for SMEs

In this tutorial, we will describe how to secure an FTP server (VSFTPD stands for “Very Secure FTP Daemon”) using SSL/TLS in Ubuntu 16.04/16.10. If you’re looking to set up a secure FTP server for CentOS-based distributions, you can read – Secure an FTP Server Using SSL/TLS on CentOS. After following the various steps in this guide, we will have learned the fundamentals of enabling encryption services in an FTP server, which is crucial for secure data transfers.

Requirements

You must install and configure an FTP server in Ubuntu. Before we move further, note that all commands in this article must be run as root or from a sudo-privileged account.

Step 1: Generating SSL/TLS Certificate for FTP on Ubuntu

1. We will begin by creating a subdirectory under /etc/ssl/ to store the SSL/TLS certificate and key files, if it doesn’t exist:

$ sudo mkdir /etc/ssl/private

2. Now let’s generate the certificate and key in a single file, by running the command below.

$ sudo … [Read more...] about Setting Up a Secure FTP Server using SSL/TLS on Ubuntu